From: Mark H. v. a. <we...@ma...> - 2009-10-09 20:25:19
Log Message: ----------- Updated LDAP.pm to work with LDAPS servers that require the usage of a binder account. Modified Files: -------------- webwork2/lib/WeBWorK/Authen: LDAP.pm Revision Data -------------
Index: LDAP.pm
===================================================================
RCS file: /webwork/cvs/system/webwork2/lib/WeBWorK/Authen/LDAP.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -Llib/WeBWorK/Authen/LDAP.pm -Llib/WeBWorK/Authen/LDAP.pm -u -r1.4 -r1.5
--- lib/WeBWorK/Authen/LDAP.pm
+++ lib/WeBWorK/Authen/LDAP.pm
@@ -31,6 +31,8 @@
 # check against LDAP server
 return 1 if $self->ldap_authen_uid($userID, $possibleClearPassword);
+
+ return 0 if ($userID !~ /admin/);
 # optional: fail over to superclass checkPassword
 if ($failover) {
@@ -48,6 +50,11 @@
 my $hosts = $ce->{authen}{ldap_options}{net_ldap_hosts};
 my $opts = $ce->{authen}{ldap_options}{net_ldap_opts};
 my $base = $ce->{authen}{ldap_options}{net_ldap_base};
+ my $searchdn = $ce->{authen}{ldap_options}{searchDN};
+ my $bindAccount = $ce->{authen}{ldap_options}{bindAccount};
+ my $bindpassword = $ce->{authen}{ldap_options}{bindPassword};
+
+
 # connect to LDAP server
 my $ldap = new Net::LDAP($hosts, @$opts);
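Review bot: The new `return 0 if ($userID !~ /admin/);` hard-codes a site policy into checkPassword: it makes the `$failover` setting dead for every account whose ID lacks that substring, while the unanchored pattern still grants failover to any ID that merely contains it (`badminton` included). If only designated local accounts should fall back to the database password, that list belongs in the `ldap_options` configuration and should be compared exactly rather than by substring; at minimum anchor the match, `return 0 if $userID !~ /\Aadmin\z/;`. The change also deserves a one-line comment stating why non-admin users must never fall back, since a reader of revision 1.5 cannot tell whether this is intentional lockdown or a debugging leftover. checkPassword starts and ends outside this hunk.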
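Review bot: `$searchdn` is a misleading name for a value that the third hunk passes as the first argument of `$ldap->bind`, i.e. the bind DN of the service account, and `$bindAccount` is consulted only as a boolean switch, so a configuration that sets `bindAccount` but leaves `searchDN` or `bindPassword` unset reaches `bind(undef, password => undef)`, which an LDAP server may treat as an anonymous or unauthenticated bind instead of an error. Validate the three values together right after reading them, e.g. `if ($bindAccount and not (defined $searchdn and defined $bindpassword and length $bindpassword)) { warn "AUTH LDAP: bindAccount set but searchDN/bindPassword missing.\n"; return 0; }`, and consider calling the variable `$binddn`. The two added blank `+` lines before `# connect to LDAP server` leave a double gap; one is enough. ldap_authen_uid continues outside this hunk.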
@@ -58,17 +65,28 @@
 my $msg;
+
+ if($bindAccount){
+ # bind with a bind USER
+ $msg = $ldap->bind( $searchdn, password => $bindpassword );
+ if ($msg->is_error) {
+ warn "AUTH LDAP: bind error ", $msg->code, ": ", $msg->error_text, ".\n";
+ return 0;
+ }
+ }
+ else{
 # bind anonymously
- $msg = $ldap->bind;
- if ($msg->is_error) {
- warn "AUTH LDAP: bind error ", $msg->code, ": ", $msg->error_text, ".\n";
- return 0;
+ $msg = $ldap->bind;
+ if ($msg->is_error) {
+ warn "AUTH LDAP: bind error ", $msg->code, ": ", $msg->error_text, ".\n";
+ return 0;
+ }
 }
 # look up user's DN
- $msg = $ldap->search(base => $base, filter => "uid=$uid");
+ $msg = $ldap->search(base => $base, filter => "sAMAccountName=$uid");
 if ($msg->is_error) {
- warn "AUTH LDAP: search error ", $msg->code, ": ", $msg->error_text, ".\n";
+ warn "AUTH LDAP: search error ", $msg->code, ": ", $msg->error_text, ".\n",$searchdn,"\n",$base,"\n",$uid,"\n";
 return 0;
 }
 if ($msg->count > 1) { |
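Review bot: `$uid` is still interpolated unescaped into the filter on the changed line `filter => "sAMAccountName=$uid"`, so a login name containing `*`, `(`, `)` or `\` changes the meaning of the search instead of being matched literally; escape it first, `my $safe_uid = Net::LDAP::Util::escape_filter_value($uid);` and then `filter => "sAMAccountName=$safe_uid"` (with `use Net::LDAP::Util qw(escape_filter_value);` added at the top of the file, outside this hunk). Switching the attribute from `uid` to `sAMAccountName` hard-codes an Active Directory schema and silently breaks every non-AD deployment that worked with revision 1.4; read the attribute name from `ldap_options` with `uid` as the default. The widened search-error `warn` now writes the bind DN, the base and the user-supplied ID to the log on every failed lookup, which is useful while debugging but worth trimming back afterwards. The credentialed bind is a simple bind, so it protects the service password only when the connection is genuinely LDAPS or StartTLS, which nothing in this hunk establishes; a comment next to `if($bindAccount){` stating that requirement would help the next operator. ldap_authen_uid continues outside this hunk.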